Historically, ownership was the only authorization check in our code. All profile-related checks were handled with current_user. With the introduction of api_key, ownership_call and ownership_requests, we have authorization checks like the following sitting awkwardly in the controller (sometimes even model).

It would be nicer if we moved all these checks out of the controller and let an authorization plugin like cancancan or pundit handle it.
Is your feature request related to a problem?
code health
Describe the solution you'd like
Add cancancan or pundit
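
A sketch of what the request describes, added here as an illustration and not taken from the project's code: ownership and API-key checks collected in one policy object that follows Pundit's convention (an actor and a record passed to the constructor, query methods ending in `?`), written in plain Ruby so it runs without the gem. The `User`, `ApiKey` and `Rubygem` structs, the scope names and the `authorize!` helper are hypothetical stand-ins.

```ruby
# Added illustration: Pundit-style policy in plain Ruby (no gem required).
# All model names and scope names below are hypothetical.
User    = Struct.new(:id)
ApiKey  = Struct.new(:user, :scopes)      # scopes, e.g. [:push_rubygem]
Rubygem = Struct.new(:name, :owner_ids)

class NotAuthorizedError < StandardError; end

class RubygemPolicy
  # actor is either a signed-in User (session) or an ApiKey (API request).
  def initialize(actor, rubygem)
    @actor = actor
    @rubygem = rubygem
  end

  def push?
    owner? && key_allows?(:push_rubygem)
  end

  def add_owner?
    owner? && key_allows?(:add_owner)
  end

  private

  # Resolve the human behind the request, whichever credential was used.
  def user
    @actor.is_a?(ApiKey) ? @actor.user : @actor
  end

  # The original ownership check, now in one place. A nil actor is denied.
  def owner?
    !user.nil? && @rubygem.owner_ids.include?(user.id)
  end

  # An API key narrows what its owner may do; a session is not scoped.
  def key_allows?(scope)
    !@actor.is_a?(ApiKey) || @actor.scopes.include?(scope)
  end
end

# Controller-side helper: a single call replaces the inline conditionals.
# public_send fails closed if a private or unknown query name is passed.
def authorize!(actor, record, query)
  policy = RubygemPolicy.new(actor, record)
  raise NotAuthorizedError, "#{query} denied" unless policy.public_send(query)
  record
end
```

With this shape a controller action calls `authorize!(actor, rubygem, :push?)` once, and each rule can be unit-tested without a request.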